OS X Mavericks update to fix major security flaw in Macs

apple logo

Apple has patched a major security flaw in OS X Mavericks that could allow hackers to intercept users' communications.

The OS X Mavericks v10.9.2 patch fixes a vulnerability that alters the way Mac devices handle encrypted communications, and means critical checks on the validity of a site's SSL certificate are overlooked when users try to establish a secure connection.

As a result, users have been warned to take caution when accessing sensitive web content using unsecured wireless networks until they have a chance to download the fix.

The emergence of the OS X Mavericks v10.9.2 patch comes several days after the consumer electronics giant flagged the existence of the same fault affecting iOS 6 and iOS7 devices.

At the time, details about a similar flaw in OS X Mavericks began to circulate, but a fix for the issue was only published on Apple's support pages yesterday.

The update also reportedly includes improvements to Mail, Messages and Safari apps, and also allows Mac users to participate in FaceTime calls.

In both cases, Apple's security alerts have stopped short of revealing whether the vulnerabilities have been exploited in the wild, or how long the company has been aware of their existence.

Mark Bower, vice president of infosecurity firm Voltage Security, said Mac users should download the patch as quickly as possible.

"This is a major bug that puts users' sensitive data, like login credentials, passwords, email and browsing data at risk," said Bower.

"Users should patch at their earliest opportunity. Until then, users should be very wary of accessing web content that is sensitive, especially on a network that attackers may also be on at the same time which is more often than you might think."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.